> On 7/8/25 02:17, John Levine wrote:
> > It appears that Shumon Huque <[email protected]> said:
> >> Please review the draft and speak up if you have comments, and would like
> >> to see this draft adopted (or not).
> >
> > I don't hate the draft but since we have been living with colliding tags for two
> > decades and experience shows that collisions of more than two tags never appear
> > unless maliciously created, this doesn't strike me as a good use of our time.
> >
> > Just add "more than two colliding tags" to the long list of limits in DNS
> > resolvers and we can work on something else.
>
> +1

Somewhat surprisingly, I didn't find collisions a big problem when validating but I do want to avoid collisions in a signer.

In my opinion the important thing to solve is avoiding collisions in a multi-signer setup (and to some extent, when pre-generating keys).

I wonder what the timeline would be of deployment of this draft. This draft only simplifies validator code when all existing algorithms have been deprecated for validation. Which is likely to be a very long time in the future.

For future PQC algorithms it should be fine to just disallow collisions when they are specified.

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
